Sunday, October 2, 2011

The .DS_Store file is a Mac OS X file which provides information about folder content. This file will be created by the Mac OS X Finder. Attacker can obtain sensitive information about your system if this file is accessible via your Tomcat web server.
To solve this security vulnerability go to your server.xml and add the following line:

Thursday, September 8, 2011

In recent Mojarra versions, there was always a problem. JBoss AS 7 comes with Mojarra version 2.0.4-b09. Once the tag a4j:ajax will be used on JSF components you receive the following error message:

javax.faces.FacesException: Unexpected error restoring state for component with id form:inputComponent:input. Cause: java.lang.ClassCastException: javax.faces.component.StateHolderSaver cannot be cast to [Ljava.lang.Object;.
at com.sun.faces.application.view.StateManagementStrategyImpl$1.visit(StateManagementStrategyImpl.java:273)
at com.sun.faces.component.visit.FullVisitContext.invokeVisitCallback(FullVisitContext.java:151)
at javax.faces.component.UIComponent.visitTree(UIComponent.java:1485)
at javax.faces.component.UIComponent.visitTree(UIComponent.java:1496)
at javax.faces.component.UIComponent.visitTree(UIComponent.java:1496)
at javax.faces.component.UIComponent.visitTree(UIComponent.java:1496)
at javax.faces.component.UIForm.visitTree(UIForm.java:335)
at javax.faces.component.UIComponent.visitTree(UIComponent.java:1496)
at javax.faces.component.UIComponent.visitTree(UIComponent.java:1496)
at javax.faces.component.UIComponent.visitTree(UIComponent.java:1496)
at com.sun.faces.component.visit.VisitUtils.doFullNonIteratingVisit(VisitUtils.java:75)
at com.sun.faces.application.view.StateManagementStrategyImpl.restoreView(StateManagementStrategyImpl.java:257)
at com.sun.faces.application.StateManagerImpl.restoreView(StateManagerImpl.java:181)
at com.sun.faces.application.view.ViewHandlingStrategy.restoreView(ViewHandlingStrategy.java:123)
at com.sun.faces.application.view.FaceletViewHandlingStrategy.restoreView(FaceletViewHandlingStrategy.java:448)
at com.sun.faces.application.view.MultiViewHandler.restoreView(MultiViewHandler.java:148)
at com.ocpsoft.pretty.faces.application.PrettyViewHandler.restoreView(PrettyViewHandler.java:109)
at javax.faces.application.ViewHandlerWrapper.restoreView(ViewHandlerWrapper.java:288)
at javax.faces.application.ViewHandlerWrapper.restoreView(ViewHandlerWrapper.java:288)
at javax.faces.application.ViewHandlerWrapper.restoreView(ViewHandlerWrapper.java:288)
at com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:187)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:111)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:312)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:67)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at com.ocpsoft.pretty.PrettyFilter.doFilter(PrettyFilter.java:118)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at org.jboss.seam.servlet.exception.CatchExceptionFilter.doFilter(CatchExceptionFilter.java:65)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at org.jboss.seam.servlet.event.ServletEventBridgeFilter.doFilter(ServletEventBridgeFilter.java:72)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:139)
at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57)
at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:49)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.lang.ClassCastException: javax.faces.component.StateHolderSaver cannot be cast to [Ljava.lang.Object;
at org.ajax4jsf.component.behavior.AjaxBehavior.restoreState(AjaxBehavior.java:343)
at javax.faces.component.UIComponentBase.restoreBehaviors(UIComponentBase.java:2056)
at javax.faces.component.UIComponentBase.restoreBehaviorsState(UIComponentBase.java:2023)
at javax.faces.component.UIComponentBase.restoreState(UIComponentBase.java:1443)
at javax.faces.component.UIOutput.restoreState(UIOutput.java:256)
at javax.faces.component.UIInput.restoreState(UIInput.java:1379)
at com.sun.faces.application.view.StateManagementStrategyImpl$1.visit(StateManagementStrategyImpl.java:265)
... 51 more

The workaround
The best way to solve this problem, is to switch Mojarra version back to 2.0.2-b10. Download the package from the Mojarra repository. Extract zip file and drop the jsf-impl-2.0.2-b10.jar into:

Be careful with updating Hibernate Core 3.6 to 4.0 with MySQL as database and strategy GenerationType.AUTO. For me it was an update of JBoss AS 6 (Hibernate 3.6) to AS 7 (Hibernate 4). If you have mapped tables like this:

@Id
@GeneratedValue(strategy = GenerationType.AUTO)

Hibernate 3.6 uses the auto increment functionality to increment the id. But Hibernate 4 creates a sequence table and uses this to increment the id. Even if you say sequences are ok, you will run into exceptions on a given database, since Hibernate tries to save the first object with id 1 which already exists.
Better change the strategy to:

@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)

Now both Hibernate versions will create the table structure in the same way.

Followers

Blog Archive

About Me

My name is Sebastian Sachtleben, a software developer with five years experience of web development. My experience includes Struts, Spring, Seam Framework, Richfaces, Primefaces, EJB, JSF, Hibernate etc. I love the direction JEE is taking at the moment and I'm delighted to develop applications with it.